package com.tt.vtg.shiro;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SaltedAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.SimpleCredentialsMatcher;
import org.apache.shiro.codec.Base64;

import com.tt.vtg.dao.entity.User;
import com.tt.vtg.utils.VtgUtils;

public class MyCredentialsMatcher extends SimpleCredentialsMatcher {

	@Override
	public boolean doCredentialsMatch(AuthenticationToken authcToken, AuthenticationInfo info) {
		// TODO Auto-generated method stub

		UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
		Object accountCredentials = getCredentials(info);
		String pwdType = String.valueOf(token.getPassword());// 判断一下密码是否是用户输入的

//		// 如果用户输入的密码长度位32那么里面会有一个bug
//		if (pwdType.length() == 32) {
//			return equals(pwdType, accountCredentials); // 密码长度=32位，说明是md5加密过，是从xx传进来的 32位加密。
//		}
		Object salt = null;
		salt = ((SaltedAuthenticationInfo) info).getCredentialsSalt();
		String pwdUser = VtgUtils
				.encrypt(String.valueOf(token.getPassword()) + Base64.decodeToString(String.valueOf(salt)));// 不等于32
																											// 是用户输入的密码。
		// 将密码加密与系统加密后的密码校验，内容一致就返回true,不一致就返回false
		return equals(pwdUser, accountCredentials);

	}
}
